<?
/*
 * Copyright 2004-2005 Sigve Indregard.
 *
 * This file is part of Laivsys.
 *
 * Laivsys is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Laivsys is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Laivsys; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

/*
 * $Id: dokumenter.php 6 2005-07-11 23:14:47Z say $
 */
 
include("../db.php");
include("auth.php");
include("top.php");

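// Handle state-changing submissions (upload, delete, grant/revoke access)
// before any listing is rendered.
//
// Security notes for this handler:
//  - Every request value that reaches SQL is cast to int or passed through
//    mysql_real_escape_string(); nothing is interpolated raw.
//  - Every write is scoped to the current laiv (LaivID), so an ID that
//    belongs to another laiv matches no row.
//  - NOTE(review): $laivid is not set in this file; presumably auth.php
//    derives it from the logged-in session -- confirm it cannot be supplied
//    by the request.
//  - NOTE(review): $_REQUEST is kept so the page's existing links and forms
//    keep working, which means these actions are reachable via GET as well as
//    POST and carry no anti-CSRF token. Moving to POST-only with a
//    per-session token needs a matching change in every form on the page.
$laivid_sql = (int) $laivid;
$req_process = isset($_REQUEST['process']) ? $_REQUEST['process'] : '';
$req_action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

if ($req_process === 'true') {
	if ($req_action === 'newfile') {
		// Accept the file only if PHP reports a clean upload and the temp path
		// really is an uploaded file (is_uploaded_file guards against a
		// tmp_name that points at some other file on disk).
		$opplasting = isset($_FILES['lastopp']) ? $_FILES['lastopp'] : null;
		$opplasting_ok = is_array($opplasting)
			&& isset($opplasting['error'])
			&& $opplasting['error'] === UPLOAD_ERR_OK
			&& is_uploaded_file($opplasting['tmp_name']);

		$data = false;
		if ($opplasting_ok) {
			$tmp_filnavn = $opplasting['tmp_name'];
			$data = file_get_contents($tmp_filnavn);
			unlink($tmp_filnavn);
		}

		if ($data === false) {
			// Previously a failed upload fell through and ran a malformed query.
			echo "<p>Opplastingen mislyktes.</p>\n";
		} else {
			// name and type are chosen by the client. basename() drops any
			// directory part; the MIME type is stored as sent and must not be
			// trusted by whatever serves the file back.
			$filnavn = mysql_real_escape_string(basename($opplasting['name']));
			$datatype = mysql_real_escape_string($opplasting['type']);
			// Size of what was actually read, not a reported value.
			$str = strlen($data);
			$data = mysql_real_escape_string($data);

			$beskrivelse = (isset($_REQUEST['beskrivelse']) && is_string($_REQUEST['beskrivelse']))
				? $_REQUEST['beskrivelse']
				: '';
			// Where magic_quotes_gpc is active the value already carries
			// backslashes; strip them so it is escaped exactly once.
			if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
				$beskrivelse = stripslashes($beskrivelse);
			}
			$beskrivelse = mysql_real_escape_string($beskrivelse);

			// The two visibility flags are collapsed to 0/1.
			$offentlig = !empty($_REQUEST['offentlig']) ? 1 : 0;
			$offentlig_etterlaiv = !empty($_REQUEST['offentlig_etterlaiv']) ? 1 : 0;

			// 'new' inserts; anything else is treated as the numeric ID of the
			// document to overwrite. A missing fid is treated as 'new'.
			$fid = isset($_REQUEST['fid']) ? $_REQUEST['fid'] : 'new';

			if ($fid === 'new') {
				$sql = "INSERT INTO dokumenter (filnavn, datatype, str, data, beskrivelse, LaivID, Offentlig, Offentlig_etterlaiv) VALUES ('$filnavn', '$datatype', $str, '$data', '$beskrivelse', $laivid_sql, $offentlig, $offentlig_etterlaiv)";
			} else {
				$fid = (int) $fid;
				$sql = "UPDATE dokumenter SET filnavn='$filnavn', datatype='$datatype', str=$str, data='$data', beskrivelse='$beskrivelse', Offentlig=$offentlig, Offentlig_etterlaiv=$offentlig_etterlaiv WHERE ID=$fid AND LaivID=$laivid_sql";
			}

			mysql_query($sql);
		}
	} elseif ($req_action === 'delete') {
		// Delete one document, only if it belongs to the current laiv.
		$id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
		$sql = "DELETE FROM dokumenter WHERE ID=$id AND LaivID=$laivid_sql";
		mysql_query($sql);
	} elseif ($req_action === 'addaxx') {
		// Grant the selected participants access to one document. The
		// INSERT ... SELECT only produces a row when both the document and the
		// participant belong to the current laiv.
		$dokid = isset($_REQUEST['dokID']) ? (int) $_REQUEST['dokID'] : 0;
		$deltakerid = (isset($_REQUEST['deltakerID']) && is_array($_REQUEST['deltakerID']))
			? $_REQUEST['deltakerID']
			: array();
		foreach ($deltakerid as $id) {
			$id = (int) $id;
			$sql = "INSERT INTO dok_tilganger (dokID, deltakerID) "
				. "SELECT dokumenter.ID, deltakere.ID FROM dokumenter, deltakere "
				. "WHERE dokumenter.ID=$dokid AND deltakere.ID=$id "
				. "AND dokumenter.LaivID=$laivid_sql AND deltakere.LaivID=$laivid_sql";
			mysql_query($sql);
		}
	} elseif ($req_action === 'delaxx') {
		// Revoke one access grant. The join limits the delete to grants whose
		// participant belongs to the current laiv, the same rule the listing
		// further down this page uses.
		$id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
		$sql = "DELETE dok_tilganger FROM dok_tilganger "
			. "INNER JOIN deltakere ON dok_tilganger.deltakerID=deltakere.ID "
			. "WHERE dok_tilganger.ID=$id AND deltakere.LaivID=$laivid_sql";
		mysql_query($sql);
	}
}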
		
?>
<h1>Dokumenter</h1>
<h2>Dokumenter i databasen n&aring;</h2>
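<?php
// List every document stored for the current laiv, with a download link and
// a delete button per row.
//
// beskrivelse and filnavn originate in the upload form, so they are
// HTML-escaped on output to keep stored markup from running in this page.
// 'ISO-8859-1' is passed explicitly: as a single-byte charset it accepts any
// byte sequence, so htmlspecialchars() never returns an empty string for
// input that is not valid UTF-8.
// NOTE(review): $laivid is set outside this file; the cast keeps it numeric
// in the query regardless of where it came from.
$sql = "SELECT ID, str, datatype, filnavn, beskrivelse, IF(Offentlig, 'Ja', 'Nei') AS Offentlig, IF(Offentlig_etterlaiv, 'Ja', 'Nei') AS Offentlig_etterlaiv FROM dokumenter WHERE LaivID=" . (int) $laivid . " ORDER BY beskrivelse";
$dokumenter = mysql_query($sql);

// mysql_query() returns false on failure; skip the table in that case.
if ($dokumenter && mysql_num_rows($dokumenter)) {
	?>
	<table class="gridded">
	<tr>
	<th>ID</th>
	<th>Beskrivelse</th>
	<th>Off.?</th>
	<th>Off. etter laiv</th>
	<th>St&oslash;rrelse</th>
	<th>Filnavn</th>
	<th>Last ned</th>
	<th>Slett</th>
	</tr>
	<?php
	while ($dokument = mysql_fetch_assoc($dokumenter)) {
		$dok_id = (int) $dokument['ID'];
		?>
		<tr>
		<td><?php echo $dok_id; ?></td>
		<td><?php echo htmlspecialchars($dokument['beskrivelse'], ENT_QUOTES, 'ISO-8859-1'); ?></td>
		<td><?php echo $dokument['Offentlig']; /* 'Ja' or 'Nei', produced by the query itself */ ?></td>
		<td><?php echo $dokument['Offentlig_etterlaiv']; ?></td>
		<td><?php echo round(($dokument['str'] / 1024), 2); ?> kB</td>
		<td><?php echo htmlspecialchars($dokument['filnavn'], ENT_QUOTES, 'ISO-8859-1'); ?></td>
		<td><a href="dokument_lastned.php?id=<?php echo $dok_id; ?>">Last ned</a></td>
		<td>
			<?php /* NOTE(review): this form carries no anti-CSRF token. */ ?>
			<form method="post" action="dokumenter.php">
			<input type="hidden" name="process" value="true">
			<input type="hidden" name="id" value="<?php echo $dok_id; ?>">
			<input type="hidden" name="action" value="delete">
			<input type="submit" value="Slett">
			</form>
		</td>
		</tr>
		<?php
	}
	echo "</table>";
}
?>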

<h2>Last opp nytt dokument</h2>
<table class="gridded">
<form enctype="multipart/form-data" method="post" action="dokumenter.php">
<input type="hidden" name="MAX_FILE_SIZE" value="2500000">
<input type="hidden" name="action" value="newfile">
<input type="hidden" name="process" value="true">
<tr>
	<th>Beskrivelse</th>
	<td><input name="beskrivelse"></td>
</tr>
<tr>
	<th>Off.?</th>
	<td>
		<input type="radio" name="offentlig" value="1"> Ja, alle kan se<br/>
		<input type="radio" name="offentlig" value="0" CHECKED> Nei, bare deltakere med tilgang kan se<br/>
	</td>
</tr>
<tr>
	<th>Off. etter laiv?</th>
	<td>
		<input type="radio" name="offentlig_etterlaiv" value="1"> Ja<br/>
		<input type="radio" name="offentlig_etterlaiv" value="0" CHECKED> Nei<br/>
	</td>
</tr>
<tr>
	<th>Fil</th>
	<td><input type="file" name="lastopp"></td>
</tr>
<tr>
	<th>Overskriv</th>
	<td>
	<select name="fid">
	<option value="new">--Nytt dokument--</option>
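	<?php
	// One <option> per existing document of the current laiv, so an upload can
	// overwrite it. The description comes from user input and is HTML-escaped;
	// the ID is forced to an integer. A single-byte charset is named so
	// htmlspecialchars() cannot return an empty string on non-UTF-8 bytes.
	$sql = "SELECT ID, beskrivelse FROM dokumenter WHERE LaivID=" . (int) $laivid . " ORDER BY beskrivelse";
	$dokumenter = mysql_query($sql);
	// mysql_query() returns false on failure; emit no options in that case.
	while ($dokumenter && ($dokument = mysql_fetch_row($dokumenter))) {
		echo "<option value=\"" . (int) $dokument[0] . "\">"
			. htmlspecialchars($dokument[1], ENT_QUOTES, 'ISO-8859-1')
			. "</option>\n";
	}
	?>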
	</select>
	</td>
</tr>
<tr>
	<th>Send</th>
	<td><input type="submit" value="Last opp"></td>
</tr>
</table>
</form>
<h2>Tilgang til dokument</h2>

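<?php
// Form for granting approved participants access to a document. It is shown
// only when the current laiv has at least one document and one approved
// participant.
//
// Names and descriptions are treated as untrusted and HTML-escaped; IDs are
// forced to integers. A single-byte charset is named so htmlspecialchars()
// cannot return an empty string on bytes that are not valid UTF-8.
$sql = "SELECT ID, Beskrivelse FROM dokumenter WHERE LaivID=" . (int) $laivid . " ORDER BY Beskrivelse";
$dokumenter = mysql_query($sql);

$sql = "SELECT ID, Navn FROM deltakere WHERE Godkjent=1 AND LaivID=" . (int) $laivid . " ORDER BY Navn";
$deltakere = mysql_query($sql);

// Either query may have failed (false); treat that like an empty result.
if ($dokumenter && $deltakere && mysql_num_rows($dokumenter) && mysql_num_rows($deltakere)) {
	?>

	<?php /* NOTE(review): this form carries no anti-CSRF token. */ ?>
	<form method="post" action="dokumenter.php">
		<input type="hidden" name="process" value="true">
		<input type="hidden" name="action" value="addaxx">
		Gi tilgang til deltakere<br>
		<select name="deltakerID[]" size="15" multiple>
		<?php
		while ($deltaker = mysql_fetch_assoc($deltakere)) {
			?>
			<option value="<?php echo (int) $deltaker['ID']; ?>"><?php echo htmlspecialchars($deltaker['Navn'], ENT_QUOTES, 'ISO-8859-1'); ?></option>
			<?php
		}
		?>
		</select>
		<br>
		til dokumentet<br>
		<select name="dokID">
		<?php
		while ($dokument = mysql_fetch_assoc($dokumenter)) {
			?>
			<option value="<?php echo (int) $dokument['ID']; ?>"><?php echo htmlspecialchars($dokument['Beskrivelse'], ENT_QUOTES, 'ISO-8859-1'); ?></option>
			<?php
		}
		?>
		</select>
		<p>
		<input type="submit" value="Gjennomf&oslash;r!">
		</p>
	</form>
<?php
}
?>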
<h2>Eksisterende tilganger</h2>
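<?php
// List the existing access grants for participants of the current laiv, each
// with a control to revoke it, then emit the page footer.
//
// Navn and Beskrivelse are HTML-escaped before output. A single-byte charset
// is named so htmlspecialchars() cannot return an empty string on bytes that
// are not valid UTF-8.
$sql = "SELECT dok_tilganger.ID, Navn, Beskrivelse FROM (dok_tilganger LEFT JOIN deltakere ON dok_tilganger.deltakerID=deltakere.ID) LEFT JOIN dokumenter ON dok_tilganger.dokID=dokumenter.ID WHERE deltakere.LaivID=" . (int) $laivid . " ORDER BY Navn";
$tilganger = mysql_query($sql);

echo "<table class=\"gridded\">\n";
// mysql_query() returns false on failure; render an empty table in that case.
while ($tilganger && ($tilgang = mysql_fetch_assoc($tilganger))) {
	echo "<tr>\n";
	echo "<td>" . htmlspecialchars($tilgang['Navn'], ENT_QUOTES, 'ISO-8859-1') . "</td>\n";
	echo "<td>" . htmlspecialchars($tilgang['Beskrivelse'], ENT_QUOTES, 'ISO-8859-1') . "</td>\n";
	// Revocation changes state, so it is submitted as a POST form like the
	// document delete button rather than as a GET link, which a prefetcher or
	// crawler could follow and which leaves the action in URLs and logs.
	// NOTE(review): there is still no anti-CSRF token on this form.
	echo "<td><form method=\"post\" action=\"dokumenter.php\">"
		. "<input type=\"hidden\" name=\"process\" value=\"true\">"
		. "<input type=\"hidden\" name=\"action\" value=\"delaxx\">"
		. "<input type=\"hidden\" name=\"id\" value=\"" . (int) $tilgang['ID'] . "\">"
		. "<input type=\"submit\" value=\"[slett]\">"
		. "</form></td>\n";
	echo "</tr>\n";
}
echo "</table>\n";

include("bottom.php");
?>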
